TensorFlow is vulnerable to denial of service. The vulnerability exists because the Conv3DTranspose reference kernel in tensorflow/lite/kernels/internal/reference/conv3d_transpose.h does not properly increment data_ptr when adding the bias to the output: after each output voxel it advances data_ptr by num_channels (the number of input channels) instead of output_num_channels, so whenever num_channels > output_num_channels the pointer runs past the end of the output tensor and the bias-add writes out of bounds (when num_channels < output_num_channels the writes overlap instead, producing a wrong result without an overflow). An attacker can craft a model whose Conv3DTranspose layer has a specific number of input channels to trigger the overflow and crash the application. The bug is only reachable when the TFLite interpreter resolves the operator to the reference kernel; the fix in the commits below changes the increment to output_num_channels.
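The pointer arithmetic at fault, as an added illustration that is not code from TensorFlow or from the advisory: the function below stands in for the bias-add epilogue of the reference Conv3DTranspose kernel, with the vulnerable stride (num_channels) beside the patched one (output_num_channels). Writes are bounds-checked and counted rather than performed, so the program runs safely; in the real kernel each counted out-of-bounds write is a heap write past the output tensor. The shapes and the names `simulate_bias_add`, `vulnerable_bias_add` and `fixed_bias_add` are constructed for this example.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <vector>

// Outcome of one simulated bias-add pass over the output tensor.
struct BiasAddStats {
  size_t out_of_bounds_writes = 0;   // writes that would land past the tensor's allocation
  size_t elements_missed = 0;        // output elements that never received their bias
  size_t elements_double_added = 0;  // output elements that received the bias more than once
};

// Simulates the bias-add loop of the TFLite reference Conv3DTranspose kernel.
// `stride` is what data_ptr is advanced by after each output voxel: the
// vulnerable kernel used num_channels (input channels), the fix uses
// output_num_channels. Instead of writing through the pointer, each target
// offset is checked against the tensor length and recorded.
BiasAddStats simulate_bias_add(int outer_size, int output_num_channels, int stride) {
  // The output tensor holds outer_size voxels of output_num_channels each.
  const size_t tensor_len = static_cast<size_t>(outer_size) * output_num_channels;
  std::vector<int> writes(tensor_len, 0);  // how many times each element was biased
  BiasAddStats s;
  size_t data_ptr = 0;  // offset of data_ptr from output_data
  for (int n = 0; n < outer_size; ++n) {
    for (int c = 0; c < output_num_channels; ++c) {
      const size_t target = data_ptr + c;
      if (target < tensor_len) {
        ++writes[target];
      } else {
        ++s.out_of_bounds_writes;  // the real kernel writes bias[c] here, past the buffer
      }
    }
    data_ptr += stride;  // the line the fix changes
  }
  for (int w : writes) {
    if (w == 0) ++s.elements_missed;
    else if (w > 1) ++s.elements_double_added;
  }
  return s;
}

// Vulnerable behaviour: data_ptr += num_channels.
BiasAddStats vulnerable_bias_add(int outer_size, int num_channels, int output_num_channels) {
  return simulate_bias_add(outer_size, output_num_channels, num_channels);
}

// Patched behaviour: data_ptr += output_num_channels.
BiasAddStats fixed_bias_add(int outer_size, int num_channels, int output_num_channels) {
  (void)num_channels;  // the input channel count no longer influences the stride
  return simulate_bias_add(outer_size, output_num_channels, output_num_channels);
}

int main() {
  // Constructed shapes: 3 output voxels, 4 input channels, 2 output channels
  // (num_channels > output_num_channels, the overflow case).
  BiasAddStats bad = vulnerable_bias_add(3, 4, 2);
  BiasAddStats good = fixed_bias_add(3, 4, 2);
  std::printf("vulnerable (4 in, 2 out): %zu out-of-bounds writes, %zu elements never biased\n",
              bad.out_of_bounds_writes, bad.elements_missed);
  std::printf("fixed      (4 in, 2 out): %zu out-of-bounds writes, %zu elements never biased\n",
              good.out_of_bounds_writes, good.elements_missed);
  // num_channels < output_num_channels: no overflow, but overlapping writes give a wrong result.
  BiasAddStats overlap = vulnerable_bias_add(3, 1, 2);
  std::printf("vulnerable (1 in, 2 out): %zu elements biased more than once\n",
              overlap.elements_double_added);
  return 0;
}
```

With 4 input and 2 output channels the vulnerable stride skips elements 2 and 3 of the 6-element tensor and then pushes the third voxel's two writes past the end, which is the out-of-bounds condition the advisory describes; the patched stride touches every element exactly once. Feeding the same simulation the shapes of an actual model's output tensor gives the number of bytes the bias-add would write past the allocation.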
github.com/tensorflow/tensorflow/blob/091e63f0ea33def7ecad661a5ac01dcafbafa90b/tensorflow/lite/kernels/internal/reference/conv3d_transpose.h#L121
github.com/tensorflow/tensorflow/commit/72c0bdcb25305b0b36842d746cc61d72658d2941
github.com/tensorflow/tensorflow/commit/8433416f0b0b747008037b49f83c7f3efba64fad
github.com/tensorflow/tensorflow/commit/8a84fae4a4c06dc42049bc235fabadcd13fddd84
github.com/tensorflow/tensorflow/commit/d5b0ed5d313220a0c2a57f086a87fd9b27a4bb9f
github.com/tensorflow/tensorflow/pull/58218
github.com/tensorflow/tensorflow/pull/58219
github.com/tensorflow/tensorflow/pull/58220
github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5